New ‘Rowhammer’ Attack Can Remotely Hijack Android Phones

For the very first time, security researchers hold stumbled on an efficient device to milk a four-year-inclined hacking contrivance called Rowhammer to hijack an Android phone remotely.

Dubbed GLitch, the proof-of-thought contrivance is a brand new addition to the Rowhammer attack sequence which leverages embedded graphics processing devices (GPUs) to build a Rowhammer attack in opposition to Android smartphones.

Rowhammer is an wretchedness with most modern era dynamic random accept admission to memory (DRAM) chips in which many instances getting access to a row of memory can reason “bit flipping” in an adjacent row, allowing someone to change the charge of contents kept in pc memory.

Identified since at the least 2012, the wretchedness modified into first exploited by Google’s Venture Zero researchers in early 2015, when they pulled off distant Rowhammer assaults on computers working Dwelling windows and Linux.

Closing year, a team of researchers in the VUSec Lab at Vrije Universiteit Amsterdam demonstrated that the Rowhammer contrivance would possibly presumably per chance also work on Android smartphones, however with a valuable limitation of a malicious application being first installed on the target phone.

Nonetheless, the an identical team of researchers has now proven how their proof-of-thought attack “GLitch,” can exploit the Rowhammer attack contrivance merely by web hosting a domain working malicious JavaScript code to remotely hack an Android smartphone below proper 2 minutes, without counting on any software trojan horse.

Since the malicious code runs easiest within the privileges of the come by browser, it goes to witness on particular person’s browsing pattern or take their credentials. Nonetheless, the attacker can not create additional accept admission to to particular person’s Android phone.

Here’s How GLitch Attack Works

GLitch is the most valuable distant Rowhammer contrivance that exploits the graphics processing devices (GPU), which is stumbled on in nearly all mobile processors, as antagonistic to the CPU that modified into exploited in all old theorized variations of the Rowhammer attack.

Since the ARM processors inner Android smartphones consist of a form of cache that makes it advanced to accept admission to focused rows of memory, researchers accept consume of GPU, whose cache would possibly presumably per chance even be more without wretchedness controlled, allowing hackers to hammer focused rows without any interference.

The contrivance is named GLitch with first two letters capitalized because it uses a widely old browser-primarily based graphics code library is named WebGL for rendering graphics to suppose off a known glitch in DDR3 and DDR4 memory chips.

Currently, GLitch targets smartphones working the Snapdragon 800 and 801 system on a chip—that entails each CPU and GPU—which manner the PoC works easiest on older Android telephones love the LG Nexus 5, HTC One M8, or LG G2. The attack would possibly presumably per chance even be launched in opposition to Firefox and Chrome.

In a video demonstration, the researchers hiss their JavaScript-primarily based GLitch attack on a Nexus 5 working over Mozilla’s Firefox browser to create read/write privileges, giving them the ability to establish malicious code over the software.

“At the same time as you is susceptible to be questioning if we are going to have the selection to suppose off bit flips on Chrome the reply is yes, we are going to have the selection to. As a matter of truth, most of our overview modified into implemented on Chrome,” the researchers mentioned. “We then switched to Firefox for the exploit proper because we had prior details of the platform and stumbled on more documentation.”

No Blueprint Patch Can Fully Repair the Rowhammer Arena

Since Rowhammer exploits a pc hardware weak point, no software patch can entirely fix the wretchedness. Researchers suppose the Rowhammer possibility isn’t very easiest real however also has the aptitude to reason some real, severe wound.

Though there isn’t very any device to fully block an Android phone’s GPU from tampering with the DRAM, the team has been working with Google on ways to resolve the wretchedness.

For more in-depth basic facets on the new attack contrivance, you can head on to this informational page about GLitch and this paper [PDF] published by the researchers.